The Wallacea Trust is committed to protecting and respecting your privacy. This Policy governs the data which we collect from you in the course of our business and the way in which we protect and process such information. Please read this carefully to understand how we will treat your personal data.
For the purpose of the General Data Protection Regulation (the “GDPR”), which applies in the UK on May 25, 2018, and other data protection laws applicable in the UK, the data controller is Wallacea Trust (Charity Registration 1078362), Wallace House, Old Bolingbroke, Spilsby, Lincolnshire, PE23 4EX.
Information we may collect about you
Data regarding you is collected, retained and processed subject to and in accordance with the requirements of the GDPR. We may collect personal data, that includes: name, title, contact information including email address and mailing address, telephone number, demographic information such as postcode, IP address, and other information relevant to services we provide to you.
We may collect and process the following data about you:
(a) Information you provide when you use our website wallaceatrust.org (the “website”). This includes information provided by you at the time you make a donation. We may also ask you for information if you report a problem with our website.
(b) If you contact us by email, through our contact form, by telephone or in writing. We may keep a copy of that correspondence or communication.
(c) Details of any transactions you carry out with us through the website or by any other means.
(d) Details of your visits to the website and the resources that you access.
IP addresses and cookies
Legal basis for data processing
We can process personal data on various legal bases.
For processing operations for which we obtain consent for a specific processing purpose, Article 6(1)(a) of the GDPR is our legal basis.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as for example when processing operations necessary to provide our service, the processing is based on Article 6(1)(b) of the GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our gifts or services.
If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, our processing is based on Article 6(1)(c) of the GDPR.
Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: this legal basis is used for processing operations which are not covered by the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Uses made of your information
We use the information collected about you for the following purposes:
- To ensure the services you have chosen are delivered to you in the most effective way, and to assist with the performance of our internal contract, accounting and administrative functions.
- To assist us in developing new and improved products as indicated by user practice and preferences, based on our analysis of patterns of site usage.
- To provide you with details of changes to our charity, products and events which we believe may be of interest to you from the Wallacea Trust.
- We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so.
Retention of your information
We take appropriate measures to ensure that any information collected from you is kept only for so long as is necessary for the purpose for which such information is used.
We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate as possible.
We protect your data by:
Offering you a secure transmission method to send us personal information.
Implementing security policies and technical measures to protect data from:
- unauthorised access;
- improper use or disclosure;
- unauthorised modification; and
- unlawful destruction or accidental loss.
Disclosure of your information
We may disclose your personal information to third parties:
a) If we are under a duty to disclose or share your personal data to comply with any legal obligation.
b) If it is required to do so to deliver our services. We sometimes outsource certain functions of our business to service providers: some of these service providers may use cloud-based systems: in that case, your personal data would be hosted on their servers, but under our direction and control.
c) To protect the rights, property or safety of the Wallacea Trust, our supporters, or others.
d) Where we have received your permission for us to do so.
Transfers outside the European Economic Area
We will only transfer your personal data to countries which are considered as providing an adequate level of legal protection or where alternative arrangements are in place to protect your rights.
We may transfer your personal data outside the EEA in the unlikely event that we receive a legal request from a foreign law enforcement body. All requests for information we receive from these bodies will be carefully checked before personal data is transferred.
We may use remote website server hosts to provide and maintain some aspects of our service and website, which may be based outside the EEA (in “the cloud”). Transfers to service providers outside of the EEA will be protected by contractual commitments and, where appropriate, further assurances, such as certification schemes (including the EUUS Privacy Shield for the protection of personal data transferred from the EU to the US and accessed in the US).
You have the right to ask for more information about the safeguards we have put in place as mentioned above.
Your rights under the GDPR
The GDPR gives you rights regarding the information we collect and process about you. If you wish to exercise such right, please submit a request to us in writing at firstname.lastname@example.org.
Rights of access
The GDPR gives you the right to access information held about you. Any access request shall be subject to your providing acceptable proof of identification. If we are processing your personal data, we will provide you with a copy of that personal data.
If you require additional copies, we may charge a reasonable administrative fee.
Rights of rectification
You are entitled to have your personal data rectified if it is inaccurate or incomplete. You should instruct us to correct or update any personal data we hold about you (for instance, if you change your address or your name).
Rights to erasure
You have a right to have your personal data erased and to prevent processing in specific circumstances.
Rights to restrict processing
In certain circumstances, you have the right to obtain from us restriction of processing (especially when the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data).
Rights to withdraw your consent
In certain circumstances, we must have your consent before we contact you. You have the right to withdraw your consent to processing of your personal data at any time by contacting us at email@example.com.
Rights to data portability
With effect from May 25th, 2018, you have the right, in certain circumstances, to obtain personal data you have provided us with, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or ask us to transfer this to a third party of your choice.
Rights to object
You have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling).
- Direct marketing (including profiling).
- Processing for purposes of scientific/historical research and statistics.
Rights related to automated decision making and profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as long as the decision is not necessary for entering into, or the performance of, a contract between you and us; or is not based on your explicit consent.
Rights to lodge a complaint with a supervisory authority
You have a right to lodge a complaint with a supervisory authority, to enforce your rights, as
specified above. You can find details about how to do this on the UK Information Commissioner’s Office (ICO) website at https://ico.org.uk/concerns/.
Links to other websites
Our website may sometimes link to other third-party websites. We are not responsible for the accuracy or efficacy of the information or data policies or procedures of these third parties. If you access these sites using the links provided on our website, you should satisfy yourself as to the relevant data policies in effect on these sites.
If any of your personal data changes, or if you have any questions, comments or requests regarding the protection of your personal data or this policy, please contact us by email at firstname.lastname@example.org or in writing at the address set out on the Contact Us page of the website.